Orange Pi5 kernel

Deprecated Linux kernel 5.10.110 for OrangePi 5/5B/5+ boards

// SPDX-License-Identifier: GPL-2.0-or-later
/* Request key authorisation token key definition.
 *
 * Copyright (C) 2005 Red Hat, Inc. All Rights Reserved.
 * Written by David Howells (dhowells@redhat.com)
 *
 * See Documentation/security/keys/request-key.rst
 */

#include <linux/sched.h>
#include <linux/err.h>
#include <linux/seq_file.h>
#include <linux/slab.h>
#include <linux/uaccess.h>
#include "internal.h"
#include <keys/request_key_auth-type.h>
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  17) 
/* Forward declarations of the key-type operations defined in this file. */
static int request_key_auth_preparse(struct key_preparsed_payload *prep);
static void request_key_auth_free_preparse(struct key_preparsed_payload *prep);
static int request_key_auth_instantiate(struct key *key,
					struct key_preparsed_payload *prep);
static void request_key_auth_describe(const struct key *key,
				      struct seq_file *m);
static void request_key_auth_revoke(struct key *key);
static void request_key_auth_destroy(struct key *key);
static long request_key_auth_read(const struct key *key, char *buffer,
				  size_t buflen);
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  26) 
/*
 * Key type for request-key authorisation tokens.
 *
 * The payload of a key of this type is a struct request_key_auth; every
 * operation below is implemented in this file.
 */
struct key_type key_type_request_key_auth = {
	.name		= ".request_key_auth",
	.def_datalen	= sizeof(struct request_key_auth),

	/* payload set-up */
	.preparse	= request_key_auth_preparse,
	.free_preparse	= request_key_auth_free_preparse,
	.instantiate	= request_key_auth_instantiate,

	/* inspection */
	.describe	= request_key_auth_describe,

	/* teardown */
	.revoke		= request_key_auth_revoke,
	.destroy	= request_key_auth_destroy,

	/* callout data retrieval */
	.read		= request_key_auth_read,
};
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  41) 
/*
 * Preparse hook for authorisation tokens.
 *
 * Nothing is parsed or validated here: the function ignores @prep and
 * always reports success (0).
 */
static int request_key_auth_preparse(struct key_preparsed_payload *prep)
{
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  46) 
/*
 * Counterpart of request_key_auth_preparse(): that hook allocates nothing,
 * so there is nothing to release and @prep is left untouched.
 */
static void request_key_auth_free_preparse(struct key_preparsed_payload *prep)
{
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  50) 
/*
 * Instantiate a request-key authorisation key.
 *
 * @prep->data is taken as a pointer to a struct request_key_auth and is
 * published as the key's payload; no copy is made, so from here on the
 * record is reachable through the key.  Always returns 0.
 */
static int request_key_auth_instantiate(struct key *key,
					struct key_preparsed_payload *prep)
{
	struct request_key_auth *rka = (struct request_key_auth *)prep->data;

	rcu_assign_keypointer(key, rka);
	return 0;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  60) 
/*
 * Describe an authorisation token.
 *
 * Writes "key:<description>" to @m and, for a positively instantiated key,
 * appends the recorded pid and the callout data length.  The callout data
 * itself is never printed.  Nothing is emitted once the payload has been
 * cleared (payload pointer is NULL).
 *
 * The payload is fetched with dereference_key_rcu(), so the caller is
 * presumably inside an RCU read-side section - confirm against the caller.
 */
static void request_key_auth_describe(const struct key *key,
				      struct seq_file *m)
{
	struct request_key_auth *rka = dereference_key_rcu(key);

	if (rka) {
		seq_puts(m, "key:");
		seq_puts(m, key->description);
		if (key_is_positive(key))
			seq_printf(m, " pid:%d ci:%zu",
				   rka->pid, rka->callout_len);
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300  77) 
/*
 * Read the callout_info data (retrieves the callout information).
 * - the key's semaphore is read-locked
 *
 * Returns the full length of the callout data, even when @buffer is NULL or
 * shorter than that, so a caller can size its buffer from the return value.
 * At most @buflen bytes are copied.  Returns -EKEYREVOKED when the payload
 * has already been cleared.
 *
 * NOTE(review): the copy is a plain memcpy(), i.e. @buffer is treated as a
 * kernel address here; the transfer to userspace is presumably done by the
 * caller - confirm.
 */
static long request_key_auth_read(const struct key *key,
				  char *buffer, size_t buflen)
{
	struct request_key_auth *rka = dereference_key_locked(key);
	size_t copy_len;

	if (!rka)
		return -EKEYREVOKED;

	/* the data can be returned as is, clamped to what the caller can hold */
	if (buffer && buflen > 0) {
		copy_len = buflen > rka->callout_len ? rka->callout_len : buflen;
		memcpy(buffer, rka->callout_info, copy_len);
	}

	return rka->callout_len;
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 105) 
/*
 * Release everything an authorisation record holds, then the record itself:
 * the references on the target key and destination keyring, the credentials
 * reference (if one was taken) and the copy of the callout data.
 *
 * A NULL @rka is accepted and ignored, which lets partially constructed
 * records be passed in from error paths.
 *
 * NOTE(review): callout_info is released with plain kfree(); if callout data
 * can carry secrets, kfree_sensitive() would scrub it first - confirm.
 */
static void free_request_key_auth(struct request_key_auth *rka)
{
	if (rka) {
		key_put(rka->target_key);
		key_put(rka->dest_keyring);
		if (rka->cred)
			put_cred(rka->cred);
		kfree(rka->callout_info);
		kfree(rka);
	}
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 117) 
/*
 * RCU callback: dispose of the request_key_auth record that embeds @rcu.
 *
 * Queued with call_rcu() by the revoke and destroy operations, so the record
 * is freed only after the grace period has elapsed.
 */
static void request_key_auth_rcu_disposal(struct rcu_head *rcu)
{
	free_request_key_auth(container_of(rcu, struct request_key_auth, rcu));
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 128) 
/*
 * Handle revocation of an authorisation token key.
 *
 * Called with the key sem write-locked.
 *
 * The payload pointer is cleared first and the record is handed to
 * call_rcu(), so RCU readers that already fetched the pointer can finish
 * before the record (and the credentials reference it holds) is released.
 *
 * NOTE(review): unlike request_key_auth_destroy(), the payload is not
 * NULL-checked here; this relies on revoke running only on an instantiated,
 * not-yet-revoked key - confirm against the callers.
 */
static void request_key_auth_revoke(struct key *key)
{
	struct request_key_auth *rka;

	rka = dereference_key_locked(key);
	kenter("{%d}", key->serial);

	rcu_assign_keypointer(key, NULL);
	call_rcu(&rka->rcu, request_key_auth_rcu_disposal);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 142) 
/*
 * Destroy an instantiation authorisation token key.
 *
 * If a payload is still attached, detach it and queue it for RCU-deferred
 * freeing.  A NULL payload (for example after revocation has already
 * cleared it) means there is nothing left to release.
 */
static void request_key_auth_destroy(struct key *key)
{
	struct request_key_auth *rka = rcu_access_pointer(key->payload.rcu_data0);

	kenter("{%d}", key->serial);
	if (!rka)
		return;

	rcu_assign_keypointer(key, NULL);
	call_rcu(&rka->rcu, request_key_auth_rcu_disposal);
}
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 156) 
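/*
 * Create an authorisation token for /sbin/request-key or whoever to gain
 * access to the caller's security data.
 *
 * @target:       key being constructed; its serial (in hex) becomes the
 *                description of the authorisation key
 * @op:           operation name, copied (truncating if necessary) into the
 *                record's fixed-size op field
 * @callout_info: callout data; a private copy of @callout_len bytes is made
 * @callout_len:  length of @callout_info
 * @dest_keyring: destination keyring; a reference is taken
 *
 * The record pins a credentials reference: the caller's own, or - when the
 * caller is itself servicing a key request - the credentials and pid stored
 * in the authorisation key it is already acting under.  Holding the returned
 * key is what gives the upcall handler access to that security context, so
 * the key is allocated with a narrow permission mask (possessor: view, read,
 * search, link; user: view only).
 *
 * Returns the new authorisation key, or an ERR_PTR() on failure
 * (-ENOMEM, -EKEYREVOKED if the enclosing authorisation key has been
 * revoked, or the error from key_alloc()/key_instantiate_and_link()).
 */
struct key *request_key_auth_new(struct key *target, const char *op,
				 const void *callout_info, size_t callout_len,
				 struct key *dest_keyring)
{
	struct request_key_auth *rka, *irka;
	const struct cred *cred = current_cred();
	struct key *authkey = NULL;
	char desc[20];
	int ret = -ENOMEM;

	kenter("%d,", target->serial);

	/* allocate an auth record */
	rka = kzalloc(sizeof(*rka), GFP_KERNEL);
	if (!rka)
		goto error;
	rka->callout_info = kmemdup(callout_info, callout_len, GFP_KERNEL);
	if (!rka->callout_info)
		goto error_free_rka;
	rka->callout_len = callout_len;
	/* strscpy() never reads past the destination size and always
	 * NUL-terminates, unlike strlcpy() which walks the whole source */
	strscpy(rka->op, op, sizeof(rka->op));

	/* see if the calling process is already servicing the key request of
	 * another process */
	if (cred->request_key_auth) {
		/* it is - use that instantiation context here too */
		down_read(&cred->request_key_auth->sem);

		/* if the auth key has been revoked, then the key we're
		 * servicing is already instantiated */
		if (test_bit(KEY_FLAG_REVOKED,
			     &cred->request_key_auth->flags)) {
			up_read(&cred->request_key_auth->sem);
			ret = -EKEYREVOKED;
			goto error_free_rka;
		}

		/* the payload is read under the key's semaphore, after the
		 * revoked check above */
		irka = cred->request_key_auth->payload.data[0];
		rka->cred = get_cred(irka->cred);
		rka->pid = irka->pid;

		up_read(&cred->request_key_auth->sem);
	}
	else {
		/* it isn't - use this process as the context */
		rka->cred = get_cred(cred);
		rka->pid = current->pid;
	}

	rka->target_key = key_get(target);
	rka->dest_keyring = key_get(dest_keyring);

	/* allocate the auth key; the description is the target's serial in
	 * hex, formatted with an explicit bound on the stack buffer */
	snprintf(desc, sizeof(desc), "%x", target->serial);

	authkey = key_alloc(&key_type_request_key_auth, desc,
			    cred->fsuid, cred->fsgid, cred,
			    KEY_POS_VIEW | KEY_POS_READ | KEY_POS_SEARCH | KEY_POS_LINK |
			    KEY_USR_VIEW, KEY_ALLOC_NOT_IN_QUOTA, NULL);
	if (IS_ERR(authkey)) {
		ret = PTR_ERR(authkey);
		goto error_free_rka;
	}

	/* construct the auth key; on success the record is attached to the
	 * key as its payload and is released via revoke/destroy */
	ret = key_instantiate_and_link(authkey, rka, 0, NULL, NULL);
	if (ret < 0)
		goto error_put_authkey;

	kleave(" = {%d,%d}", authkey->serial, refcount_read(&authkey->usage));
	return authkey;

error_put_authkey:
	key_put(authkey);
error_free_rka:
	/* drops whatever references the record has taken so far */
	free_request_key_auth(rka);
error:
	kleave("= %d", ret);
	return ERR_PTR(ret);
}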
^8f3ce5b39 (kx 2023-10-28 12:00:06 +0300 241) 
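/*
 * Search the current process's keyrings for the authorisation key for
 * instantiation of a key.
 *
 * @target_id: serial number of the key to be instantiated; its hex form is
 *             the description searched for
 *
 * The search runs with the caller's credentials, so only an authorisation
 * key reachable from the caller's own keyrings can be returned.
 *
 * Returns the authorisation key with a reference held, or an ERR_PTR():
 * -ENOKEY in place of -EAGAIN from the search, -EKEYREVOKED if the key found
 * has been revoked (its reference is dropped first), or any other error
 * from the search unchanged.
 */
struct key *key_get_instantiation_authkey(key_serial_t target_id)
{
	char description[16];
	struct keyring_search_context ctx = {
		.index_key.type		= &key_type_request_key_auth,
		.index_key.description	= description,
		.cred			= current_cred(),
		.match_data.cmp		= key_default_cmp,
		.match_data.raw_data	= description,
		.match_data.lookup_type	= KEYRING_SEARCH_LOOKUP_DIRECT,
		.flags			= (KEYRING_SEARCH_DO_STATE_CHECK |
					   KEYRING_SEARCH_RECURSE),
	};
	struct key *authkey;
	key_ref_t authkey_ref;

	/* bounded formatting: the write can never run past the stack buffer */
	ctx.index_key.desc_len = snprintf(description, sizeof(description),
					  "%x", target_id);

	rcu_read_lock();
	authkey_ref = search_process_keyrings_rcu(&ctx);
	rcu_read_unlock();

	if (IS_ERR(authkey_ref)) {
		authkey = ERR_CAST(authkey_ref);
		/* report "try again" from the search as "no such key" */
		if (authkey == ERR_PTR(-EAGAIN))
			authkey = ERR_PTR(-ENOKEY);
		return authkey;
	}

	authkey = key_ref_to_ptr(authkey_ref);
	if (test_bit(KEY_FLAG_REVOKED, &authkey->flags)) {
		/* a revoked token must not authorise anything */
		key_put(authkey);
		authkey = ERR_PTR(-EKEYREVOKED);
	}

	return authkey;
}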